Businesses have had to relook their strategies and navigate the new normal at a pace unimagined. If one thing has been the centerpiece of the world’s technical response to the pandemic, it is the cloud. While the focus on cloud spiked, so did the cyberattacks targeting cloud services.
As security threats progressively turn sophisticated and complex, cloud security and compliance continue to be the biggest pain points. An integrated approach and understanding security responsibility are key to building a robust cloud security strategy.
Minu Sirsalewala, Editorial Consultant, CISO MAG, interacted with Sanjay Manohar, Managing Director, McAfee Enterprise India, to discuss how securing the cloud in 2021 is becoming a business imperative for business continuity. Manohar also addressed the ambiguity around the shared responsibility model for cloud security, the DevSecOps approach, and the security and compliance requirements.
Manohar, as the Managing Director of McAfee Enterprise India, is responsible for driving accelerated adoption of McAfee’s cloud products, enhancing enterprise-centric product revenues, and improving customer satisfaction across the region.
With a career spanning over 26 years, Manohar’s expertise encompasses sales management and marketing domains across South-East Asia, China, and Asia-Pacific markets. He has in the past held leadership roles at technology giants such as Akamai, Oracle, and Dell at a time when cloud solutions had just begun reshaping the global IT industry. Manohar is a performance-oriented team leader and is committed to building and managing high-caliber teams, functioning in complex environments.
His core strengths include go-to-market strategy and execution, supplemented by his expertise in the areas of SaaS, enterprise software, and networking.
Manohar holds an MBA from the Bharathidasan Institute of Management, a Bachelor of Science degree from Bangalore University, and is an alumnus of the Rashtriya Military School.
Edited excerpts of the interview follow:
As more on-premise applications are moving to cloud, is cloud-native security enough to secure enterprises leveraging complex, hybrid, and multi-cloud environments? How can cloud-native be made more secure?
There has been an increase in the adoption of cloud, driven by the pandemic, and enterprise cloud usage has increased massively. A large percentage of valuable corporate data is today on cloud. However, there has also been a substantial increase in cloud threats – according to recent McAfee Enterprise research, there were close to 366,000 incidents in India in Q4 2020, with 3.1 million attacks on cloud accounts worldwide!
To ensure effective cloud-native security, a top-down approach to IT security could be beneficial. As cloud-native applications gain prominence, companies have realized that merging the related security responsibilities with their central security teams is the way to go. This evolution is driving a shift from a project-team-led bottoms-up approach to a top-down approach for greater consistency across projects and environments. Apart from that, the automation of security practices via integration with DevOps could ensure that more cloud-native applications will be protected. The deployment of an integrated platform to protect cloud-native applications and infrastructure would make it more secure. Lastly, there is a considerable security maturity gap between cloud-native and non-cloud-native applications. As organizations gradually move to remote working and adopt IaaS and PaaS systems, an increase in investments — in both cloud-native security tools and employee training will go a long way in bolstering security and ensuring that cloud-native becomes safer to use.
Cloud misconfiguration exploits are the Achilles heel for cloud security. Public and open cloud storage buckets are unmonitored, add to it PET technologies (encryption, authentication) that are difficult to automate with unique protocols that each application requires. What cloud security solution is most effective?
By now, most organizations have realized that to ensure data security as they move to cloud, applications may have to be redesigned to become “cloud-native”. However, since cloud-native are continuously developed and deployed, and modern enterprises lack a way to measure cumulative risk, they are vulnerable to security breaches. Starting, March 2020, there has been a massive expansion in outsider assaults on cloud frameworks. The sort of assaults that agitators are following are recognizing the area of sensitive information, discovering how to take advantage of and taking advantage of weaknesses in programming to exfiltrate data.
What is the importance of security and compliance requirements such as data residency and administration access for adopting secured cloud technologies? Is it a driving force for the cloud security market?
Data residency and administration access are vital parts of cloud security for McAfee Enterprise. Depending on the industry an organization is in, it might have to comply with different regulatory frameworks. GDPR, PCI DSS, HIPAA, and HITECH are just a few compliance requirements that they must adhere to. While the ability to demonstrate compliance by meeting specific standards for business continuity and cybersecurity has become a necessity, it has also become a competitive advantage. Continuous compliance enables businesses to identify the risks and make sure they are never caught oblivious, while also being in position to detect, react, and recover from a disruption. Not just that, compliance also helps an organization keep away from the precarious monetary and reputational cost of resistance.
Read the full interview in the December issue of CISO MAG.
About the Interviewer
Minu Sirsalewala is an Editorial Consultant at CISO MAG. She writes news features and interviews.
